CAS-005 · Question #143
CAS-005 Question #143: Real Exam Question with Answer & Explanation
The correct answer is B: Revoking the secret used in the solution. The code includes a hard-coded secret (access_token), which is a security vulnerability. The first action should be to revoke this secret immediately to prevent unauthorized access, as it is exposed in the public repository. Once the secret is revoked, the secret management proce
Question
A security analyst is reviewing the following code in the public repository for potential risk concerns:
Which of the following should the security analyst recommend first to remediate the vulnerability?
Options
- A. Developing role-based security awareness training
- B. Revoking the secret used in the solution
- C. Purging code from public view
- D. Scanning the application with SAST
Explanation
The code includes a hard-coded secret (access_token), which is a security vulnerability. The first action should be to revoke this secret immediately to prevent unauthorized access, as it is exposed in the public repository. Once the secret is revoked, the secret management process should be improved, such as by using environment variables or secure vault solutions.